recent survey of 400 U.S.- and UK-based chief information security officers, an
overwhelming number, 88 percent, said they find themselves under a moderate or
high amount of job-related stress.
Moreover, 48 percent admitted that the stress has affected their mental health, while 31 percent said their job performance has suffered, according to .uk domain name registry Nominet, which commissioned the study last autumn and issued a report on its findings earlier today.
Nominet study conducted 12 months earlier found that only 27 percent of surveyed
CISO said their mental health was affected – meaning the number jumped
significantly over the course of just one year.
time of the survey, all participants worked at larger organizations or
enterprises with at least 3,000 employees.
35 percent of CISO respondents said that their stress is impacting their
physical health, while 23 percent said they are relying on medication or alcohol
as a coping mechanism or a means to manage their stress.
contingent of respondents also acknowledged that job-related stress is
affecting their relationships with family or children (40 percent), their marriage
or romantic relationships (32 percent) and their friendships (32 percent).
also examined some of the chief causes of CISO stress, and work-life balance
seems to be a major contributor. Seventy-one percent of surveyed CISOs said their
work-life balance is heavily weighted toward work long hours, and 39 percent that
this is a major contributor to stress.
study determined that CISOs work an average of 10 extra hours per week without
compensation, essentially putting in an average $30,319 in yearly bonus work.
of 10 surveyed CISOs said they’d agree to a 7.76 percent pay cut in exchange
for better work-life balance. Unfortunately, more time off may not be
realistic, as 87 percent of CISOs said that working long hours was expected
from their organization.
of its research, Nominet also surveyed 400 C-Suite executes, all of whom at the
time were board members of their companies. Seventy-eight percent of these executives
concurred that working extra hours is expected. Moreover, an overwhelming 97
percent said that the security team could improve on delivering value for amount
of budget they receive.
suggests that, despite how much effort the CISO puts in, business leaders still
think they should be getting more,” the Nominet report states.
major cause of stress is the heavy responsibility of protecting the network from
breaches and other threats. Twenty percent of CIOs said they’d be fired if a
breach occurred, even if they were not responsible for the incident. And 24
percent said their boards refuse to accept that breaches are inevitable.
from the C-Suite executives appear to back up these concerns: 24 percent confirmed
that they think breaches aren’t inevitable, while another 10 percent said they
don’t know for sure.
CISOs also cited a lack of support from their higher-ups. A total of 39 percent
said cybersecurity is an official board meeting agenda item less than half the
time, while 10 percent said it only happens if an incident occurs. But polled C-Suite
executives disagreed: 64 percent said cybersecurity is on the board’s agenda at
least half the time and 26 percent insisted cyber is brought up at every
major disparity: 21 percent of CISOs said there were no support structures to
help employees manage their stress, but only six percent of C-Suite executives
said their organizations lacked such support structures.
are potentially heading towards a burnout crisis if the very people who we are
relying on to keep businesses secure are operating under mounting pressure,”
said Russell Haworth, CEO of Nominet, in a press release. “Not only is this
harming the lives of CISOs but it will ultimately make it harder to retain
staff, catch attacks early and improve security. It is worrying that at
board level, understanding of these pressures appears not to have translated
there have been positive steps in mental health and stress-related issues, the
essence of tackling these issues has not received as much attention as needed,” added Dr. Dimitrios Tsivrikos, lecturer in consumer
and business psychology at University College London. “While measuring, understanding and incorporating key findings within the
work is incredibly important, we also need to consider that there is a lack of
research that looks into the work-life balance.”